The field of network security has become increasingly important in today's society. The Internet has enabled interconnection of different computer networks all over the world. The ability to effectively protect and maintain stable computers and systems, however, presents a significant obstacle for component manufacturers, system designers, and network administrators. This obstacle is made even more complicated by the continually evolving array of tactics exploited by malicious operators. Certain types of malicious software can infect a host computer and perform any number of malicious actions, such as sending out spam or malicious emails from the host computer, stealing sensitive information from a business or individual associated with the host computer, propagating to other host computers, and/or assisting with distributed denial-of-service attacks. In addition, targeted attacks in enterprises and other entities are becoming increasingly common. In a targeted attack, rather than propagating to many other host computers, only a few targeted host computers in a particular network environment (e.g., a company, government agency, etc.) are attacked. The malware infecting the targeted host computers may then proceed to leak sensitive or confidential data in small, less obvious amounts, possibly over a longer period of time (e.g., leaking small amounts of data each day over several weeks) in order to thwart detection efforts.
When a malware attack is discovered in a network environment such as an enterprise or government agency, recovery and cleanup efforts can require significant network downtime. Such downtime could potentially cause lost revenue, lost worker productivity, lost production, lost business opportunities, etc. Hence, significant challenges remain for developing innovative tools to combat tactics that allow malicious operators to exploit host computers in network environments.